FATF Grey List: Business Impact and Banking Relationships

When the Financial Action Task Force places a country on its Jurisdictions Under Increased Monitoring list — universally known as the grey list — the consequences extend far beyond the governmental negotiations that dominate headlines. For businesses incorporated in or transacting with grey-listed jurisdictions, the practical impact on banking relationships, payment access, and the cost of doing business can be severe and immediate. Understanding the mechanics of greylisting is essential for any compliance team managing cross-border exposure.

What Greylisting Means

FATF's grey list (formally the ICRG — International Cooperation Review Group — list) is not a blacklist. It is a designation indicating that a country has made a high-level political commitment to address identified deficiencies in its AML/CFT framework and is subject to ongoing monitoring and reporting to FATF. Unlike FATF's "High-Risk Jurisdictions Subject to a Call for Action" (the black list, currently featuring North Korea and Iran), greylisting does not trigger an automatic obligation on member states to apply enhanced countermeasures. However, it does require member states to apply enhanced due diligence to business relationships and transactions involving grey-listed countries — and in practice, many financial institutions apply substantially more severe restrictions than the minimum required.

How Countries Get Greylisted

FATF assesses countries through a mutual evaluation process against its 40 Recommendations and 11 Immediate Outcomes. Countries that are found to have significant strategic deficiencies — typically a combination of low technical compliance ratings and poor effectiveness ratings in areas like beneficial ownership, financial intelligence, and prosecution of money laundering — may be proposed for grey-listing by the ICRG. The country is given an opportunity to respond and present remediation plans before a formal listing decision is made.

The specific deficiencies cited in grey-list designations are typically in: beneficial ownership transparency, financial intelligence unit capacity, prosecution and conviction of money laundering offences, freezing and confiscation of criminal proceeds, and supervision of the financial sector. These deficiencies are made public in the FATF plenary statement at the time of listing, providing financial institutions with specific intelligence on where the risks lie.

Current Grey-Listed Countries and Their Commercial Significance

FATF updates its lists three times per year following plenary meetings in February, June, and October. As of early 2026, the grey list includes a range of jurisdictions across the Middle East, Africa, Southeast Asia, and the Caribbean. Countries that have historically appeared on the grey list include Pakistan, Turkey, the UAE (now delisted), Nigeria, South Africa, the Philippines, and Morocco, among others.

The commercial significance of a greylisting depends heavily on the economic profile of the country involved. When Turkey was on the grey list (2021–2024), the implications for European and UK financial institutions with significant Turkish correspondent relationships were substantial. When the UAE was grey-listed in 2022 (delisted in February 2024 after remediation), it triggered a wave of enhanced due diligence obligations for one of the world's major financial centres. The delisting of the UAE in 2024 was welcomed by financial institutions globally, though many have maintained elevated scrutiny for UAE-linked transactions even post-delisting given the residual reputational risk.

Correspondent Banking Withdrawal

The most severe commercial consequence of greylisting is correspondent banking withdrawal. Large international banks — responding to a combination of regulatory obligation and commercial risk calculus — routinely exit or severely restrict correspondent relationships with banks in grey-listed jurisdictions. Research by the IMF and World Bank has consistently shown that greylisting accelerates correspondent banking de-risking, reducing the number of active correspondent relationships to the affected country and increasing the cost of international transactions that remain possible.

The mechanism is straightforward: Wolfsberg Group principles require correspondent banks to conduct enhanced due diligence on respondent relationships, including an assessment of the respondent's AML framework and the regulatory environment it operates in. Where the national supervisor is itself assessed as deficient by FATF, the correspondent bank faces a significantly harder evidential burden in satisfying itself that the respondent relationship is adequately managed. Many banks conclude that the compliance cost exceeds the commercial return and exit the relationship.

The consequence for end-users — businesses and individuals in the affected country — is reduced access to international payment rails, higher transaction costs, and longer settlement times. For businesses that depend on USD or EUR clearing, which requires access to US or EU correspondent networks, greylisting of their home country can effectively exclude them from international trade finance and cross-border payment systems.

De-Risking: The Over-Compliance Problem

While the formal regulatory requirement on greylisting is enhanced due diligence (not automatic exclusion), many financial institutions apply a blanket policy of refusing business connected to grey-listed jurisdictions. This over-compliance — driven by risk aversion and the perception that any grey-list exposure creates reputational risk with domestic supervisors — has been criticised by FATF itself, which has noted that de-risking is not a compliant response to greylisting where legitimate business relationships exist.

The FCA's Financial Crime Guide explicitly notes that firms should not apply a blanket refusal of business from higher-risk countries, and that the risk-based approach requires assessment of individual customer risk rather than categorical exclusion based on geography alone. However, the commercial reality is that many banks apply policies that are more restrictive than their regulatory obligations require, leaving legitimate businesses unable to access the payment infrastructure they need.

How Businesses Should Respond

For businesses incorporated in or transacting with grey-listed jurisdictions, the following practical steps can help maintain banking relationships and payment access:

• Proactive transparency: Provide banking partners with detailed documentation of beneficial ownership, business activity, source of funds, and AML compliance measures. Do not wait to be asked — information provided proactively is more credible than information provided under pressure.
• Engage at relationship level: The decision to exit a correspondent relationship is typically made at compliance or senior management level, not at the relationship manager level. Request engagement with the bank's financial crime compliance team and provide a formal presentation of your risk management framework.
• Diversify banking relationships: Maintain relationships with multiple financial institutions across different jurisdictions. Single-bank dependency creates existential exposure when a grey-list designation triggers a relationship review.
• Consider jurisdiction of incorporation: For businesses with genuine operational flexibility, incorporation in a jurisdiction with a strong FATF rating may reduce friction in banking relationships significantly — though this must be a genuine operational decision, not a sham arrangement.
• Monitor FATF updates: FATF publishes country action plans alongside greylisting decisions. Monitor progress against these action plans as an indicator of how long the grey-list designation is likely to persist.

Greylisting is a regulatory mechanism intended to incentivise national reform, but its commercial consequences fall disproportionately on legitimate businesses and individuals in affected jurisdictions. Navigating this landscape requires both technical knowledge of the compliance requirements and practical experience of how financial institutions translate those requirements into operational decisions.